To implement logout functionality with SiteMinder SSO OIDC, you need the following configuration in your auth_openid.conf file:
<Location /logout >
Redirect 302 "https://<siteminder-host>:<siteminder-port>/<sso-logout-URL>"
</Location>
Then, in your application, use the following logout URL:
<OIDCRedirectURI>?logout=https://<apache-host>:<apache-port>/logout
The <OIDCRedirectURI>?logout= portion of the URL above causes the OIDC session cached by Apache WS to be invalidated. Apache then redirects to the /logout context configured in your Apache configuration. That /logout location in turn redirects to the Avaya SSO logout URL, which ensures that the SSO session is invalidated on the SSO Policy servers.
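One way for the application to build that logout link, shown as an added example that is not part of the original post: the nested /logout URL is percent-encoded, and a target that is not on the same https host and port as the OIDCRedirectURI is rejected so the link cannot point anywhere else. The host name, port and callback path are constructed sample values, and the same-host rule is an assumption taken from the URL shape shown above.

```python
from urllib.parse import urlsplit, urlencode, parse_qs

# Constructed sample values; substitute your own OIDCRedirectURI and Apache host.
REDIRECT_URI = "https://apache.example.test:8443/oidc/callback"
POST_LOGOUT = "https://apache.example.test:8443/logout"


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    default_port = {"https": 443, "http": 80}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or default_port


def build_logout_url(redirect_uri, post_logout_url):
    """Build <OIDCRedirectURI>?logout=<post_logout_url> with the value encoded."""
    redirect = urlsplit(redirect_uri)
    if redirect.query or redirect.fragment:
        raise ValueError("redirect URI must not carry a query or fragment")
    if _origin(post_logout_url)[0] != "https":
        raise ValueError("post-logout target must use https")
    # Assumption: /logout is served by the same Apache host as the redirect URI.
    if _origin(post_logout_url) != _origin(redirect_uri):
        raise ValueError("post-logout target is not on the Apache host")
    # urlencode percent-encodes ':' and '/', so the nested URL stays one value.
    return redirect_uri + "?" + urlencode({"logout": post_logout_url})


def logout_target(logout_url):
    """Extract the decoded post-logout target from a logout link."""
    values = parse_qs(urlsplit(logout_url).query).get("logout", [])
    if len(values) != 1:
        raise ValueError("expected exactly one logout parameter")
    return values[0]


if __name__ == "__main__":
    link = build_logout_url(REDIRECT_URI, POST_LOGOUT)
    print(link)
    print(logout_target(link))
```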
The following diagram shows a high-level flow: